CVE-2002-1152
KDE Konqueror 3.0-3.0.2 - Insecure Cookie Transmission via Missing Secure Flag Detection
Title source: llmDescription
Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.
References (5)
Core 5
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-220.html
Various Sources x_refsource_confirm
http://www.kde.org/info/security/advisory-20020908-1.txt
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5691
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103175827225044&w=2
Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10083.php
Scores
EPSS
0.0143
EPSS Percentile
80.9%
Details
Status
published
Products (3)
kde/kde
3.0
kde/kde
3.0.1
kde/kde
3.0.2
Published
Oct 11, 2002
Tracked Since
Feb 18, 2026